Ivan-Johnson / LifeLogServer

A DIY life tracking app

Response caching is unsafe #35

Open Ivan-Johnson opened 3 years ago

Ivan-Johnson commented 3 years ago

The current implementation of response caching is unsafe in that the server might return an invalid response. This is possible because when the cache decorator is checking whether or not a request already has a cached response it only compares the authentication tokens and cache ids, not the request itself.

e.g. let the cache be used to cache responses from some add endpoint. Consider this sequence of requests:

add(1, 2, cacheid=abc, token=xyz) => 3

add(3, 4, cacheid=abc, token=xyz) => ?

The "correct" response is 7, but the actual response is 3 because it will reuse the cached value from the previous request. Note that the value of 3 would still be returned even if a different endpoint (e.g. difference) were used for the second request. The best way of handling this is to return some sort of error code if the given cacheid is already being used with the same token but a different request.

This is arguably user error, but it might be worth fixing anyway. For example, if a client uses /dev/urandom to generate random cacheids, there might be a comparatively high risk of collisions when run immediately after a reboot on a system that has few sources of entropy.
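The following is an added example written for this issue, not code from the LifeLogServer project. It assumes the server is Python with a decorator-style cache (the issue does not say which framework), and the `add`/`difference` functions, the `token`/`cacheid` keyword parameters and the `CacheIdReused` error are hypothetical stand-ins. It shows the unsafe decorator keyed only on `(token, cacheid)`, reproduces the `3` instead of `7` result from the sequence above, and then shows the fix the issue proposes: store a fingerprint of the whole request (endpoint plus arguments) alongside the cached value and reject a replayed cacheid whose fingerprint differs, so an accidental collision becomes a detectable error instead of a silently wrong response.

```python
"""Idempotency-cache demo (added example, not LifeLogServer's own code)."""
import hashlib
import json

# ---- Vulnerable version: key is (token, cacheid); the request is ignored ----
_unsafe_cache = {}


def cached_unsafe(func):
    """Hypothetical stand-in for the decorator the issue describes."""
    def wrapper(*args, token, cacheid):
        key = (token, cacheid)                 # request contents never consulted
        if key in _unsafe_cache:
            return _unsafe_cache[key]
        result = func(*args)
        _unsafe_cache[key] = result
        return result
    return wrapper


# ---- Hardened version: remember a fingerprint of the whole request ----------
class CacheIdReused(Exception):
    """cacheid replayed with a different request; map to an HTTP error code."""


_safe_cache = {}


def _fingerprint(endpoint, args):
    # Canonical JSON so equivalent requests hash identically.
    payload = json.dumps({"endpoint": endpoint, "args": list(args)},
                         sort_keys=True).encode()
    return hashlib.sha256(payload).hexdigest()


def cached_safe(func):
    def wrapper(*args, token, cacheid):
        key = (token, cacheid)
        fp = _fingerprint(func.__name__, args)
        entry = _safe_cache.get(key)
        if entry is not None:
            stored_fp, result = entry
            if stored_fp != fp:
                # Same token + cacheid, different request: refuse rather than
                # hand back a response computed for another request.
                raise CacheIdReused(f"cacheid {cacheid!r} already used for a "
                                    f"different request")
            return result                      # genuine retry: serve from cache
        result = func(*args)
        _safe_cache[key] = (fp, result)
        return result
    return wrapper


# Hypothetical endpoints, one pair per decorator.
@cached_unsafe
def add_unsafe(a, b):
    return a + b


@cached_unsafe
def difference_unsafe(a, b):
    return a - b


@cached_safe
def add_safe(a, b):
    return a + b


@cached_safe
def difference_safe(a, b):
    return a - b


def reproduce_issue():
    """Replay the issue's sequence against the unsafe decorator: (3, 3, 3)."""
    first = add_unsafe(1, 2, token="xyz", cacheid="abc")        # 3, cached
    second = add_unsafe(3, 4, token="xyz", cacheid="abc")       # 3, not 7
    third = difference_unsafe(3, 4, token="xyz", cacheid="abc")  # still 3
    return first, second, third


def demonstrate_fix():
    """Same sequence against the hardened decorator."""
    first = add_safe(1, 2, token="xyz", cacheid="abc")          # 3, cached
    replay = add_safe(1, 2, token="xyz", cacheid="abc")         # identical retry -> 3
    outcomes = []
    for call in (lambda: add_safe(3, 4, token="xyz", cacheid="abc"),
                 lambda: difference_safe(3, 4, token="xyz", cacheid="abc")):
        try:
            outcomes.append(call())
        except CacheIdReused:
            outcomes.append("conflict")
    # A different token is a separate namespace, so the same cacheid is fine.
    other = add_safe(3, 4, token="uvw", cacheid="abc")          # 7
    return (first, replay, *outcomes, other)


if __name__ == "__main__":
    print("unsafe:", reproduce_issue())
    print("safe:  ", demonstrate_fix())
```

The fingerprint deliberately includes the endpoint name, which is what makes the `difference` case in the issue a conflict as well; a real server would hash the canonical request body and path rather than Python call arguments, and would return the error as a 4xx response so the client can pick a fresh cacheid.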

Ivan-Johnson commented 3 years ago

Relates to #5